SANS ISC InfoSec Forums

Paul Starzetz ( http://www.isec.pl ) identified a new vulnerability in all current linux kernels ( 2.2, 2.4 and 2.6 ). This vulnerability could allow unprivileged users to gain root access.

So far, we have not seen an exploit for this vulnerability.

New kernels were released today for all major linux distributions.

Kernel upgrades can be tricky and require a reboot of your system. Be advised to carefully test new kernels before deploying them. While this vulnerability is not directly remotely exploitable, it is possible that other vulnerabilities (e.g. cgi scripts) will be used to gain access to a machine as a non-privileged user. This vulnerability will allow such an intruder to escalate privileges and become root.